feat: migrate CI pipeline to github actions (#3120)
* feat: github actions CI

* chore: do not use 3rd party github action

* chore: no need pip

* feat: dynamically configure environment

* chore: update aws region env

* chore: combine build and deploy

* chore: add docker build file flag

* chore: add docker tag

* chore: docker push tag

* chore: docker push all tags

* fix: github run id variable name

* feat: copy to s3 bucket, configure sentry

* nit: indent

* chore: use image_tag for eb version-label

* chore: rename DEPLOY_ENV

* chore: remove environment-specific naming

* chore: remove app version step

* chore: delete travis ci

* chore: update docs

* chore: correct tag variable for sentry

* chore: drop sentry from CD

* chore: split create app version and update eb steps

* feat: add retry if deployment to eb fails

* feat: add run attempt to image tag

* chore: remove auto retry
tshuli authored Dec 2, 2021
1 parent a5127a4 commit 700f7c3
Showing 5 changed files with 104 additions and 149 deletions.
4 changes: 2 additions & 2 deletions .github/mergify.yml
@@ -11,7 +11,7 @@ pull_request_rules:
- check-success~=CodeQL # CodeQL code scanning results
- check-success~=GitGuardian
- check-success~=Semantic Pull Request
- check-success~=Travis CI - Branch
- check-success~=build_deploy_application
- check-success~=coverage/coveralls
- check-success~=license/snyk
- check-success~=security/snyk
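
Review bot: `check-success~=build_deploy_application` can only be satisfied on commits where that job runs, and the workflow added in this commit (`.github/workflows/deploy-eb.yml`) triggers on `push` to `release`, `staging`, `staging-alt` and `uat` only. A pull request whose head is on any other branch never receives this check, so this rule would never be met for it. It also makes a job that pushes an image and updates an Elastic Beanstalk environment the merge gate. A separate build and lint workflow triggered on `pull_request`, with its check required here, would keep the gate independent of deployment.
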
@@ -32,7 +32,7 @@ pull_request_rules:
- check-success~=CodeQL # CodeQL code scanning results
- check-success~=GitGuardian
- check-success~=Semantic Pull Request
- check-success~=Travis CI - Branch
- check-success~=build_deploy_application
- check-success~=coverage/coveralls
- check-success~=license/snyk
- check-success~=security/snyk
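
Review bot: In this second rule the new condition uses `~=`, a regular-expression match, against the bare string `build_deploy_application`. Because this is a required gate, state it as tightly as the intent: an anchored pattern such as `^build_deploy_application$`, or the equality form `check-success=build_deploy_application`, so that a differently named check containing the same text cannot stand in for it.
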
88 changes: 88 additions & 0 deletions .github/workflows/deploy-eb.yml
@@ -0,0 +1,88 @@
name: Deploy to AWS Elastic Beanstalk
on:
push:
branches: # There should be 4 environments in github actions secrets: release, staging, staging-alt, uat. This is different from the DEPLOY_ENV secret which corresponds to elastic beanstalk environment name
- release
- staging
- staging-alt
- uat

jobs:
set_environment:
outputs:
current_env: ${{ steps.set-environment.outputs.current_env }}
runs-on: ubuntu-latest
steps:
- id: set-environment
run: echo "::set-output name=current_env::${{github.ref_name}}"

build_deploy_application:
needs: set_environment
environment:
name: ${{ needs.set_environment.outputs.current_env }}
env:
IMAGE_TAG: github-actions-${{ github.sha }}-${{ github.run_id }}-${{github.run_attempt}}
BRANCH: ${{ needs.set_environment.outputs.current_env }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: '14'
cache: 'npm'
- name: Build
env:
NODE_OPTIONS: '--max-old-space-size=4096'
run: |
npm ci
set -e
npm_config_mode=yes npx lockfile-lint --type npm --path package.json --validate-https --allowed-hosts npm
npm run lint-ci
npm run build
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_DEFAULT_REGION }}

- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1

- name: Build, tag, and push image to Amazon ECR
env:
ECR_REPOSITORY: ${{ secrets.ECR_REPO }}
run: |
docker build -f Dockerfile.production -t $ECR_REPOSITORY:$IMAGE_TAG .
docker tag $ECR_REPOSITORY:$IMAGE_TAG $ECR_REPOSITORY:$BRANCH
docker push -a $ECR_REPOSITORY
sed -i -e "s/@TAG/$IMAGE_TAG/g" Dockerrun.aws.json
zip -r "$IMAGE_TAG.zip" .ebextensions Dockerrun.aws.json
- name: Copy to S3
env:
BUCKET_NAME: ${{ secrets.BUCKET_NAME }}
run: |
aws s3 cp $IMAGE_TAG.zip s3://$BUCKET_NAME/$IMAGE_TAG.zip
- name: Create application version
env:
BUCKET_NAME: ${{ secrets.BUCKET_NAME }}
APP_NAME: ${{ secrets.APP_NAME }}
run: |
aws elasticbeanstalk create-application-version --application-name $APP_NAME \
--version-label $IMAGE_TAG \
--source-bundle S3Bucket=$BUCKET_NAME,S3Key=$IMAGE_TAG.zip \
--description "${{ github.event.head_commit.message }}"
- name: Update EB environment
id: update-eb-1
env:
APP_NAME: ${{ secrets.APP_NAME }}
DEPLOY_ENV: ${{ secrets.DEPLOY_ENV }}
run: |
aws elasticbeanstalk update-environment --application-name $APP_NAME \
--environment-name $DEPLOY_ENV \
--version-label $IMAGE_TAG
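
Review bot: In the `Create application version` step, `--description "${{ github.event.head_commit.message }}"` is expanded into the script text before bash parses it, so quotes, backticks or command substitutions in a commit message are interpreted as shell, in a job that already has the AWS credentials configured. Pass the value through the step's `env:` (for example `COMMIT_MESSAGE: ${{ github.event.head_commit.message }}`, the variable name being only a suggestion) and reference `"$COMMIT_MESSAGE"` in the command; the same applies to `${{github.ref_name}}` inside the `set-environment` `run:` line, even though the branch filter bounds it to four names. Separately, `actions/checkout@v2`, `actions/setup-node@v2`, `aws-actions/configure-aws-credentials@v1` and `aws-actions/amazon-ecr-login@v1` are referenced by mutable tags; pinning each to a full commit SHA fixes what code runs with these secrets. The workflow also sets no `permissions:` block, so the job's `GITHUB_TOKEN` keeps the repository default scope; `contents: read` looks sufficient for the steps shown.
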
123 changes: 0 additions & 123 deletions .travis.yml

This file was deleted.

2 changes: 1 addition & 1 deletion README.md
@@ -1,6 +1,6 @@
# FormSG

[![Build Status](https://travis-ci.com/opengovsg/formsg.svg?branch=release)](https://travis-ci.com/opengovsg/formsg)
[![Build Status](https://github.com/opengovsg/FormSG/actions/workflows/deploy-eb.yml)](https://github.com/opengovsg/FormSG/actions/workflows/deploy-eb.yml)
[![Coverage Status](https://coveralls.io/repos/github/opengovsg/FormSG/badge.svg?branch=develop)](https://coveralls.io/github/opengovsg/FormSG?branch=develop)

## Table of Contents
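
Review bot: The new `Build Status` badge uses the workflow page URL (`.../actions/workflows/deploy-eb.yml`) as the image source, so it will not render as a badge. The image URL needs the `/badge.svg` suffix, i.e. `https://github.com/opengovsg/FormSG/actions/workflows/deploy-eb.yml/badge.svg`, optionally with `?branch=release` to match what the Travis badge showed; the link target can stay as it is.
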
36 changes: 13 additions & 23 deletions docs/DEPLOYMENT_SETUP.md
@@ -23,7 +23,7 @@ Infrastructure

DevOps

- TravisCI for running tests and builds
- Github Actions for running tests and builds
- AWS Elastic Container Registry to host built Docker images

Network
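
Review bot: "Github Actions for running tests and builds" does not match the workflow added in this commit: the `Build` step in `deploy-eb.yml` runs `npm ci`, `lockfile-lint`, `npm run lint-ci` and `npm run build`, with no test command. Either add the test step to a workflow or word this line as builds and deployment only. The product name is also spelled "GitHub".
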
@@ -76,32 +76,22 @@ Secondly, edit the form document belonging to that specific form adminstrator by

If no `msgSrvcName` is found in the form document, SMSes associated with that form will be sent out using and charged to the default Twilio API credentials.

### Travis CI/CD environment variables
### Github Actions Secrets

For more information about the various environment variables, please refer to
[Travis documentation](https://docs.travis-ci.com/user/deployment/elasticbeanstalk/).

The following env variables are set in Travis:
| Variable | Description|
The following repository secrets are set in Github Actions:
| Secret | Description|
|:---------|------------|
|`REPO`|The repository of the AWS Elastic Container Registry|
|`STAGING_BRANCH`|Name of staging branch, usually `master`.|
|`STAGING_ALT_BRANCH`|Name of staging-alt (if any) branch, usually `release`. An alternate staging branch is used to host diverging feature sets, useful for A/B testing.|
|`PROD_BRANCH`|Name of production branch, usually `release`.|
|`AWS_ACCESS_KEY_ID`|AWS IAM access key ID used to deploy.|
|`AWS_SECRET_ACCESS_KEY`|AWS IAM access secret used to deploy.|
|`AWS_REGION`|AWS region to use.|
|`PROD_APP_NAME`|The names of the deployed docker application for the production application on AWS as determined by `PROD_BRANCH`.|
|`STAGING_APP_NAME`|The names of the deployed docker application for the staging application on AWS as determined by `STAGING_BRANCH`.|
|`PROD_BUCKET_NAME`|Bucket name to upload the code of the production app to. Elastic Beanstalk will create and deploy an application version from the source bundle in this Amazon S3 bucket.|
|`STAGING_BUCKET_NAME`|Bucket name to upload the code of the staging app to. Elastic Beanstalk will create and deploy an application version from the source bundle in this Amazon S3 bucket.|
|`PROD_DEPLOY_ENV`|The name of the Elastic Beanstalk environment the production application will be deployed to.|
|`STAGING_DEPLOY_ENV`|The name of the Elastic Beanstalk environment the staging application will be deployed to.|
|`STAGING_ALT_DEPLOY_ENV`|The name of the Elastic Beanstalk environment the staging-alt application will be deployed to.|
|`SENTRY_ORG`|Organisation that source-maps should be linked to on sentry dashboard.|
|`SENTRY_AUTH_TOKEN`|Authentication token used by sentry cli to authenticate with sentry service.|
|`SENTRY_PROJECT`|Project that source-maps should be linked to on sentry dashboard.|
|`SENTRY_URL`|Sentry service that source-maps should be pushed to.|
|`AWS_DEFAULT_REGION`|AWS region to use.|
|`ECR_REPO`|ECR Repository which stores the docker images.|
|`BUCKET_NAME`| S3 Bucket used to store zipped `Dockerrun.aws.json`.|

There are also environment secrets for each environment (`staging`, `staging-alt`, `release`, `uat`):
| Secret | Description|
|:---------|------------|
|`APP_NAME`|Application name for the environment.|
|`DEPLOY_ENV`|Deployment environment on elastic beanstalk.|

## Environment Variables
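
Review bot: `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are documented here as repository secrets, which means one IAM key pair is used for `staging`, `staging-alt`, `uat` and `release` alike. The workflow already selects a GitHub environment per branch, so these two could be listed with `APP_NAME` and `DEPLOY_ENV` as environment secrets, giving `release` its own credentials. This section would also benefit from stating the permissions the key needs, which from the workflow are pushing to the ECR repository, writing to `BUCKET_NAME`, and the `create-application-version` and `update-environment` Elastic Beanstalk calls. The removed link to deployment documentation has no replacement pointing at the new workflow file.
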
